Russian Sergei Tsurikov was arraigned on Friday in a US court after being extradited for allegedly hacking into the Royal Bank of Scotland's US payroll processing network, RBS WorldPay, in 2008 and stealing US$9.4 million.
Tsurikov and two others - Viktor Pleshchik and Oleg Covelin - are accused of breaking the encryption the bank used to protect customer data on payroll debit cards, a facility which allows employees to withdraw cash from ATMs.
Tsurikov, who was arrested by Russian authorities in November last year, has pleaded not guilty, according to a report by The Associated Press.
The hackers are believed to have pulled off the multi-million dollar heist by raising the limits on compromised accounts and then providing 44 fake debit cards cards to so-called "cashers".
The cashers then withdrew money from 2,100 ATMs across 280 cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.
The whole US$9 million had gone within 12 hours, according to United States Attorney Sally Quillian Yates.
"In November 2008, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organised computer fraud attack ever conducted," she said.
Tsurikov and company allegedly attempted to cover their tracks by deleting their activity on the card processing network, according to Yates.
The "cashers", who were paid a cut, sent the cash back to Russia via transfer facilities WebMoney and Western Union.
_(22).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
